Forum Discussion

Nicola_109119
Apr 11, 2011

Http::collect to parse some data in the http request

Hi guys,

I am having trouble with some HTTP payload (XML SOAP) that I can't see in an iRule (once I see it, I'd be able to parse some data and allow or drop traffic).

I have tried to tcpdump the traffic (-s0) and I see all the SOAP request sent from a device to the server that is behind the BIG-IP, there's no limit, the SOAP request is complete with tcpdump.

In this XML SOAP (a sequence of values in this format):

(value)16(/value)
(value2)222(/value2)
.
.
.

I need to parse a specific field and then compare it with a string; if they match, go, otherwise drop. Not too difficult.

The issue is that with my iRule I can see only a part of the SOAP XML, and more than the last half of it is missing and not collected:

Here is my iRule:

when HTTP_REQUEST {
    HTTP::collect 2151
}

when HTTP_REQUEST_DATA {
    log local0. " payload [HTTP::payload]"
}

When I am able to see the payload in full, then I could use findstr to parse the string I need and do my tests.

As told, in /var/log/ltm I see just part of the SOAP XML, the rest is just "not collected, and not logged".

Any reason why?

Even replacing the value (that I saw with the tcpdump) of 2151 did not solve it:

HTTP::collect [HTTP::header Content-Length]

I am stuck :/

Thx a lot to anyone who has some tips.

Nicola

2 Replies

  • Hi Nicola,

    Can you post an anonymized copy of the request headers and payload? You can use tcpdump to capture this:

    tcpdump -nni 0.0 -Xs0 host CLIENT_IP

    Thanks, Aaron
  • Thanx for the answer Hoolio,

    it happened that I managed to have the full payload, the issue is the command "log local0." that only logs part of the full payload.

    The log local0. is buggy, but the BIG-IP is not :), I was able to parse the full payload with findstr and to do all my tests/substitutions in it.

    All's well.

    Thanx,

    Nicola.
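
The situation resolved in this thread, as an added example that is not code from either poster: an iRule that collects the SOAP body with a size cap, writes it to the log in pieces so no single log line is cut short, and makes the allow/drop decision from the collected payload rather than from what the log shows. Assumptions: the real element is `<value>` (the thread shows it anonymized as `(value)`), the allowed value is `16`, the 1 MB cap and 900-character chunk size are arbitrary illustrative choices, and the partial log output comes from a per-message length limit in logging.

```tcl
# Added example; element name, expected value and sizes are assumptions.
when HTTP_REQUEST {
    # Collect only requests that announce a body, and cap the amount so an
    # oversized Content-Length cannot make the rule buffer unbounded data.
    if { [HTTP::method] eq "POST" && [HTTP::header exists "Content-Length"] } {
        set clen [HTTP::header "Content-Length"]
        if { [string is integer -strict $clen] && $clen > 0 } {
            if { $clen > 1048576 } { set clen 1048576 }
            HTTP::collect $clen
        }
    }
}

when HTTP_REQUEST_DATA {
    set payload [HTTP::payload]
    set total [string length $payload]

    # Debug aid: log the payload in fixed-size pieces, numbered so the
    # pieces can be reassembled when reading /var/log/ltm.
    set chunk 900
    set parts [expr {($total + $chunk - 1) / $chunk}]
    for { set i 0 } { $i < $total } { incr i $chunk } {
        set n [expr {$i / $chunk + 1}]
        log local0. "payload $n/$parts: [string range $payload $i [expr {$i + $chunk - 1}]]"
    }

    # Text between "<value>" and the next "<"; 7 skips the opening tag.
    set field [findstr $payload "<value>" 7 "<"]

    # Decide on the parsed field, not on what appeared in the log.
    if { $field ne "16" } {
        log local0. "value '$field' not allowed, dropping"
        drop
        return
    }

    # Hand the collected request on to the pool member.
    HTTP::release
}
```

The chunked logging writes full request bodies to /var/log/ltm, so it belongs in a troubleshooting window only; the parse-and-decide part does not depend on it.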